To Tor or not to Tor?

coderman coderman at
Fri Mar 21 19:49:51 PDT 2014

On Fri, Mar 21, 2014 at 3:04 AM, rysiek <rysiek at> wrote:
> Hi there,
> As I am running a local cryptoparty and do a lot of basic encryption/privacy
> talks and workshops, I am often recommending Tor as one of the means of
> protecting one's privacy and yes, even security

speaking as a security enthusiast and attending venues where hostile
networks are expected and common, i can sum up my personal position:

1. Tor has worked in environments where no other communication could.
this includes situations where everything not-Tor was blocked or
actively attacked.  for this reason alone i believe it is an
indispensable tool in the security practitioner's toolbox.

2. Exit nodes should be considered hostile.  you'll be wrong most of
the time (by design) but it doesn't hurt to remember that plain-text
is not only observed but trivially manipulated through exit relays.

3. Defense in depth! Not only do 0day happen, but also accidents,
oversights, catastrophes, the slow march of time...  This can mean
running a live Tor distro like Tails or constructing a series of
isolated VMs for research on Qubes with a Tor Proxy VM.

as for the concerns about identifying Tor users, the latest Tor
bundles and Tails image have support for obfuscated proxies into the
Tor network and other bridges.  if Tor use alone is a concern, you're
doing OPSEC wrong and/or living where obfuscated proxies are

best regards,

